Last Comment Bug 595653 - Firefox crashes [@ Yarr::regexgenerator::matchcharacterclass] if built with -arch:sse2 -Ox
: Firefox crashes [@ Yarr::regexgenerator::matchcharacterclass] if built with -...
Status: RESOLVED WORKSFORME
: crash
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: Trunk
: x86 Windows 7
: -- critical (vote)
: ---
Assigned To: general
:
: Jason Orendorff [:jorendorff]
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-09-12 08:36 PDT by Varun
Modified: 2012-01-06 14:57 PST (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
screenshot of WinDbg (30.28 KB, image/png)
2010-09-24 20:11 PDT, Tetsuro Kato (tete)
no flags Details

Description Varun 2010-09-12 08:36:49 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100626 Firefox/3.6.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.4) Gecko/20100626 Firefox/3.6.4

When doing a PGO build of Firefox with the option ac_add_options --enable-optimize="-Ox -GAFs -arch:SSE -fp:fast" the build succeeds but Firefox crashes. The profile manager does come up.

Reproducible: Always

Steps to Reproduce:
1. Build firefox 4.0b4 and above with the following mozconfig.
2. Build succeeds
3. Binary crashes
Actual Results:  
Firefox.exe binary crashes

Expected Results:  
Firefox.exe binary should start as expected.

export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
export LDFLAGS="-LTCG:STATUS"
mk_add_options BUILD_OFFICIAL=1
mk_add_options MOZ_CO_PROJECT=browser
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/FFBINSSEUO

LDFLAGS="-ltcg:STATUS"
export MOZ_OPTIMIZE_LDFLAGS="-opt:ref -opt:nowin98"
mk_add_options MOZ_OPTIMIZE_LDFLAGS="-opt:ref -opt:nowin98"
mk_add_options PROFILE_GEN_SCRIPT='$(PYTHON) $(MOZ_OBJDIR)/_profile/pgo/profileserver.py'

ac_add_options --enable-application=browser
ac_add_options --enable-update-channel=release
ac_add_options --enable-update-packaging
ac_add_options --enable-jemalloc
ac_add_options --enable-tests

ac_add_options --enable-optimize="-Ox -GAFs -arch:SSE -fp:fast"

ac_add_options --enable-strip				#Enable stripping of  executables
ac_add_options --enable-strip-libs			#Enable stripping oflibs
Comment 1 Varun 2010-09-12 08:38:17 PDT
I'm using Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 14.00.50727.762
Comment 2 Varun 2010-09-12 08:49:01 PDT
The builds for 3.6.* branch and Firefox 4.0b3 and earlier work fine. Here's the buildconfig of a build that works:

about:buildconfig

Build platform
target
i686-pc-mingw32

Build tools
Compiler 	Version 	Compiler flags
cl 	14.00.50727.762 	-TC -nologo -W3 -Gy -Fdgenerated.pdb -DNDEBUG -DTRIMMED -GL -wd4624 -wd4952 -Ox -GAFs -arch:SSE2 -fp:fast
cl 	14.00.50727.762 	-GR- -TP -nologo -Zc:wchar_t- -W3 -Gy -Fdgenerated.pdb -DNDEBUG -DTRIMMED -GL -wd4624 -wd4952 -Ox -GAFs -arch:SSE2 -fp:fast

Configure arguments
--enable-application=browser --enable-update-channel=release --enable-update-packaging --enable-jemalloc --enable-tests '--enable-optimize=-Ox -GAFs -arch:SSE2 -fp:fast' --enable-strip --enable-strip-libs
Comment 3 Ryan VanderMeulen [:RyanVM] 2010-09-12 12:02:49 PDT
Was it crashing in YARR? I was seeing that too and ended up dropping my optimize line as a result.
Comment 4 Varun 2010-09-12 21:50:35 PDT
YARR? (sorry, I'm jargon illiterate) :)
Comment 5 Ryan VanderMeulen [:RyanVM] 2010-09-13 04:14:00 PDT
YARR is the RegExp compiler used in Firefox. If you build with --enable-debug-symbols, you can break on the crash and get a stack from MSVC. If you can get a stack, please post it here.
Comment 6 Varun 2010-09-13 04:57:57 PDT
K I'm running a build with this option. Not sure how to break on teh crash. I don't have an actual install (with registry etc) of MSVC but have the installed directories copied from my older installation. Need instructions for this (and will Google too)

export BUILD_OFFICIAL=1
export MOZILLA_OFFICIAL=1
export LDFLAGS="-LTCG:STATUS"
mk_add_options BUILD_OFFICIAL=1
mk_add_options MOZ_CO_PROJECT=browser
mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/FFBINSSE2UO


LDFLAGS="-ltcg:STATUS"
	#export MOZ_OPTIMIZE_LDFLAGS="-opt:ref -opt:nowin98 -verbose"
	#mk_add_options MOZ_OPTIMIZE_LDFLAGS="-opt:ref -opt:nowin98 -verbose"
export MOZ_OPTIMIZE_LDFLAGS="-opt:ref -opt:nowin98"
mk_add_options MOZ_OPTIMIZE_LDFLAGS="-opt:ref -opt:nowin98"
mk_add_options PROFILE_GEN_SCRIPT='$(PYTHON) $(MOZ_OBJDIR)/_profile/pgo/profileserver.py'

ac_add_options --enable-application=browser
ac_add_options --enable-update-channel=release
ac_add_options --enable-update-packaging
ac_add_options --enable-jemalloc
ac_add_options --enable-tests

ac_add_options --enable-optimize="-Ox -GAFs -arch:SSE2 -fp:fast"
ac_add_options --enable-debug-symbols

ac_add_options --enable-strip				#Enable stripping of  executables
ac_add_options --enable-strip-libs			#Enable stripping oflibs
Comment 7 Varun 2010-09-13 09:37:32 PDT
Still a no go with the debug too.
   Creating library IA2Marshal.lib and object IA2Marshal.exp
Generating code
  100%   0 seconds remaining
Finished generating code
uuid.lib(ieguids.obj) : fatal error LNK1103: debugging information corrupt; reco
mpile module
make[7]: *** [IA2Marshal.dll] Error 79
make[7]: Leaving directory `/d/mozbuild/mozilla/FFBINSSE2UO/accessible/public/ia
2'
Comment 8 Ryan VanderMeulen [:RyanVM] 2010-09-13 12:14:20 PDT
Can't help you with accessibility build failures, I have it disabled in my builds. That said, you probably just need to blow away your objdir and start fresh.

Not sure how to get a stack frame if you don't have a proper Visual C++ install. Not sure if there's a command line tool for it. I guess I'll do a new build with the optimize flags and post the stack here if you don't have a way of generating one. Maybe WinDbg can use the symbols somehow?
Comment 9 Tetsuro Kato (tete) 2010-09-24 20:11:39 PDT
Created attachment 478494 [details]
screenshot of WinDbg

Probably I have gotten the same error on my SSE2 PGO build of Firefox 4.0 Beta 6.

My build's optimization flags are:
--enable-optimize="-O2 -GL -GT -arch:SSE2 -GS-"
Comment 10 Tetsuro Kato (tete) 2010-09-25 23:18:57 PDT
When compiling /js/src/yarr/yarr/RegexCompiler.cpp with -arch:SSE, my SSE2 build was able to run.

Otachan san said to me that it seems that when building with -Ot and -arch:SSE2, and applying PGO, the build will crash in YARR. He also said that official builds have not been built with these compiler options now, so this problem might not have been recognized as a serious problem.
Comment 11 timeless 2010-10-07 04:56:31 PDT
tete: please read
https://developer.mozilla.org/En/How_to_get_a_stacktrace_with_WinDbg
it has instructions for how to get useful stack traces in plain text (much better than pictures).
Comment 12 Tetsuro Kato (tete) 2010-10-07 07:00:01 PDT
(In reply to comment #11)
Thank you for giving me a useful information. I've already deleted my debug build. I'd like to do that if and when the opportunity arises.
Comment 13 Varun 2010-11-28 02:45:26 PST
K I just finished ff4b7 with 
ac_add_options --enable-optimize="-Ox -GAFs -GL -Gy -arch:SSE2 -fp:fast"

works fine. Can someone pls build and confirm?
Comment 14 Mark Straver 2011-04-10 00:42:29 PDT
Building 4.0 (release) with SSE2 and the patch for bug 641325 implemented, making sure mozjs is indeed profiled and merged (which is why b7 built properly, mozjs was not part of PGO) I experienced this crash, as well, every time. Building with -O2 -arch:SSE2 -GT

Searching for a solution, I found this bug, and a solution created by Tete to work around this problem.

By adding the following lines to the makefile.in in js/src, I got a useful build with SSE2:

# Optimizer bug with MSVC PGO (Bug 595653)
ifeq (WINNT_1,$(OS_ARCH)_$(MOZ_PROFILE_GENERATE)$(MOZ_PROFILE_USE))
RegexCompiler.$(OBJ_SUFFIX): RegexCompiler.cpp $(GLOBAL_DEPS)
	$(REPORT_BUILD)
	@$(MAKE_DEPS_AUTO_CXX)
	$(ELOG) $(CCC) $(OUTOPTION)$@ -c $(COMPILE_CXXFLAGS:arch:SSE2=arch:SSE) $(_VPATH_SRCS)
endif 

I'll still have to test further, but this patch seems promising.

So as far as I'm concerned, this is confirmed a bug.
Comment 15 Ryan VanderMeulen [:RyanVM] 2011-04-10 04:50:11 PDT
Probably worth testing again once bug 625600 is landed.
Comment 16 Mark Straver 2012-01-06 11:50:08 PST
FYI: Firefox 9.0.1-release still exhibits this bug when compiled with -O2 or -Ox and -arch:SSE2, on both VS2005 and VS2010
Comment 17 Tetsuro Kato (tete) 2012-01-06 14:57:41 PST
(In reply to Mark Straver from comment #16)
> FYI: Firefox 9.0.1-release still exhibits this bug when compiled with -O2 or
> -Ox and -arch:SSE2, on both VS2005 and VS2010

When changing the compiler option of YarrPattern.cpp from -arch:SSE2 to -arch:SSE, we may be able to avoid the problem.

Note You need to log in before you can comment on or make changes to this bug.